Intel Name: Another brickstorm: stealthy backdoor enabling espionage into tech and legal sectors
Date of Scan: October 9, 2025
Impact: High
Summary: We are tracking BRICKSTORM malware, which is used to maintain long-term access to U.S. organizations. Since March 2025, Team Consulting has responded to intrusions in the legal, SaaS, BPO, and technology sectors. The targets likely support zero-day development and serve as pivot points to a broader set of victims. We attribute this activity to UNC5221 and related China-nexus clusters with advanced capabilities. Their operations exploit zero-days and evade detection by targeting network appliances that lack EDR support. Modifications to BRICKSTORM and stealthy tradecraft have allowed access to persist for an average of 393 days.